<!DOCTYPE HTML PUBLIC "-//ORA//DTD CD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>[Chapter 16] javakey</TITLE>
<META NAME="author" CONTENT="David Flanagan">
<META NAME="date" CONTENT="Thu Jul 31 16:04:22 1997">
<META NAME="form" CONTENT="html">
<META NAME="metadata" CONTENT="dublincore.0.1">
<META NAME="objecttype" CONTENT="book part">
<META NAME="otheragent" CONTENT="gmat dbtohtml">
<META NAME="publisher" CONTENT="O'Reilly &amp; Associates, Inc.">
<META NAME="source" CONTENT="SGML">
<META NAME="subject" CONTENT="Java">
<META NAME="title" CONTENT="Java in a Nutshell">
<META HTTP-EQUIV="Content-Script-Type" CONTENT="text/javascript">
</HEAD>
<body vlink="#551a8b" alink="#ff0000" text="#000000" bgcolor="#FFFFFF" link="#0000ee">

<DIV CLASS=htmlnav>
<H1><a href='index.htm'><IMG SRC="gifs/smbanner.gif"
     ALT="Java in a Nutshell" border=0></a></H1>
<table width=515 border=0 cellpadding=0 cellspacing=0>
<tr>
<td width=172 align=left valign=top><A HREF="ch16_06.htm"><IMG SRC="gifs/txtpreva.gif" ALT="Previous" border=0></A></td>
<td width=171 align=center valign=top><B><FONT FACE="ARIEL,HELVETICA,HELV,SANSERIF" SIZE="-1">Chapter 16<br>JDK Tools</FONT></B></TD>
<td width=172 align=right valign=top><A HREF="ch16_08.htm"><IMG SRC="gifs/txtnexta.gif" ALT="Next" border=0></A></td>
</tr>
</table>

&nbsp;
<hr align=left width=515>
</DIV>
<A NAME="CH16.JAVAKEY-1"></A>

<DIV CLASS=refnamediv>
<H1>javakey</H1>

<H2>Name</H2>

javakey - Key Management and Digital Signatures

</DIV>

<DIV CLASS=refsect1>
<h2 CLASS=refsect1><A CLASS="TITLE" NAME="JNUT2-CH-16-SECT-7.1">Availability</A></h2>

<P CLASS=para>
JDK 1.1 and later.

</DIV>

<DIV CLASS=refsect1>
<h2 CLASS=refsect1><A CLASS="TITLE" NAME="JNUT2-CH-16-SECT-7.2">Synopsis</A></h2>

<DIV CLASS=screen>
<P>
<PRE>
javakey <I CLASS=emphasis>options</I>
</PRE>
</DIV>

</DIV>

<DIV CLASS=refsect1>
<h2 CLASS=refsect1><A CLASS="TITLE" NAME="JNUT2-CH-16-SECT-7.3">Description</A></h2>

<P CLASS=para>
<A NAME="CH16.DIGITAL.SIGN1"></A><I CLASS=emphasis>javakey</I> provides a command-line interface to a number
of complex key and certificate generation and management
tasks, including the generation of digital signatures.
There are quite a few options that perform a number of
distinct operations.  <I CLASS=emphasis>javakey</I> manages a system
database of entities.  Each entity may have public and
private keys and/or certificates associated with it, and
in addition, each entity may be declared to be trusted or not.  Any
entity in the database may be an "identity" or a "signer."
Identities have only a public key associated with them,
while signers have both a public and private key, and thus
may sign files.

<P CLASS=para>
The different <I CLASS=emphasis>javakey</I> operations are specified with
the various options described below.

</DIV>

<DIV CLASS=refsect1>
<h2 CLASS=refsect1><A CLASS="TITLE" NAME="JNUT2-CH-16-SECT-7.4">Options</A></h2>

<DL CLASS=variablelist>
<DT CLASS=varlistentry><tt CLASS=literal>-c</tt> <I CLASS=emphasis>identity-name</I> <tt CLASS=literal>[true|false]</tt><br>
<DD>

<P CLASS=para>
Create.  Create and add a new identity to the database,
using the specified name.  If the identity name is followed
by <tt CLASS=literal>true</tt>, declare the identity to be trusted.
Otherwise make it untrusted.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-cs</tt> <I CLASS=emphasis>signer-name</I> <tt CLASS=literal>[true|false]</tt><br>
<DD>

<P CLASS=para>
Create signer.  Create and add a new signer entity to the
database, using the specified name.  If the name is followed
by <tt CLASS=literal>true</tt>, declare the signer to be trusted.
Otherwise make it untrusted.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-t</tt> <I CLASS=emphasis>entity-name</I> <tt CLASS=literal>true|false</tt><br>
<DD>

<P CLASS=para>
Assign trust.  Specify whether the named entity is trusted
(<tt CLASS=literal>true</tt>) or not (<tt CLASS=literal>false</tt>).

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-l</tt><br>
<DD>

<P CLASS=para>
List.  List the names of all entities in the security database.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-ld</tt><br>
<DD>

<P CLASS=para>
List details.  List the names and other details about all
entities in the security database.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-li</tt> <I CLASS=emphasis>entity-name</I><br>
<DD>

<P CLASS=para>
List information.  List detailed information about the named
entity from the security database.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-r</tt> <I CLASS=emphasis>entity-name</I><br>
<DD>

<P CLASS=para>
Remove.  Remove the named entity from the security database.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-ik</tt> <I CLASS=emphasis>identity-name</I> <I CLASS=emphasis>keyfile</I><br>
<DD>

<P CLASS=para>
Import key.  Read a public key from the specified file and
associate it with the named identity.  The key must be in
X.509 format.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-ikp</tt> <I CLASS=emphasis>signer-name</I> <I CLASS=emphasis>pubkeyfile</I> <I CLASS=emphasis>privkeyfile</I><br>
<DD>

<P CLASS=para>
Import key pair.  Read the specified public key and private
key files and associate them with the named signer entity.
The keys must be in X.509 format.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-ic</tt> <I CLASS=emphasis>entity-name</I> <I CLASS=emphasis>certificate-file</I><br>
<DD>

<P CLASS=para>
Import certificate.  Read a certificate from the named
certificate file and associate it with the named entity.  If
the entity already has a public key, compare it to the key
in the certificate and issue a warning if they do not
match.  If the entity has not had a public key assigned,
use the public key from the certificate.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-ii</tt> <I CLASS=emphasis>entity-name</I><br>
<DD>

<P CLASS=para>
Import information.  This command allows you to enter
arbitrary textual information about an entity into the
database.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-gk</tt> <I CLASS=emphasis>signer algorithm size [pubfile [privfile]]</I><br>
<DD>

<P CLASS=para>
Generate key.  Generate a public and private key and
associate them with the named signer.  Use the specified
algorithm.  Currently, the only supported algorithm is
"DSA."  Generate keys of the specified number of bits, which
must be between 512 and 1024.  If <tt CLASS=literal>pubfile</tt> is
specified, write the public key to the specified file.  If
<tt CLASS=literal>privfile</tt> is specified, write the private key to the
specified file.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-g</tt> <I CLASS=emphasis>signer algorithm size [pubfile [privfile]]</I><br>
<DD>

<P CLASS=para>
A synonym for the <tt CLASS=literal>-gk</tt> command.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-gc</tt> <I CLASS=emphasis>directivefile</I><br>
<DD>

<P CLASS=para>
Generate certificate.  Generate a certificate according to
the parameters specified in the directive file.  The
directive file is a <tt CLASS=literal>Properties</tt> file that must
provide values for the following named properties:

<P>
<UL CLASS=itemizedlist>
<li CLASS=listitem><tt CLASS=literal>issuer.name</tt>.  The name of the entity issuing the certificate.

<P>
<li CLASS=listitem><tt CLASS=literal>issuer.cert</tt>.  The issuer's certificate number to be
used to sign the generated certificate (unless the
certificate will be self-signed).

<P>
<li CLASS=listitem><tt CLASS=literal>subject.name</tt>.  The database name of the entity
that the certificate is being issued to.

<P>
<li CLASS=listitem><tt CLASS=literal>subject.real.name</tt>.  The real name of the entity that
the certificate is being issued to.

<P>
<li CLASS=listitem><tt CLASS=literal>subject.country</tt>.  The country that the subject
entity is in.

<P>
<li CLASS=listitem><tt CLASS=literal>subject.org</tt>.  The organization that the subject
entity is affiliated with.

<P>
<li CLASS=listitem><tt CLASS=literal>subject.org.unit</tt>.  A division within the subject's
organization.

<P>
<li CLASS=listitem><tt CLASS=literal>start.date</tt>.  The starting date (and time) of the certificate.

<P>
<li CLASS=listitem><tt CLASS=literal>end.date</tt>.  The ending date (and time) of the certificate.

<P>
<li CLASS=listitem><tt CLASS=literal>serial.number</tt>.  A serial number for the certificate.
This number must be unique among all certificates generated
by the issuer.

<P>
<li CLASS=listitem><tt CLASS=literal>out.file</tt>.  An optional filename that specifies what
file the certificate should be written to.

<P>
</UL>
<p>
<DT CLASS=varlistentry><tt CLASS=literal>-dc</tt> <I CLASS=emphasis>certfile</I><br>
<DD>

<P CLASS=para>
Display certificate.  Display the contents of the
certificate stored in <tt CLASS=literal>certfile</tt>.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-ec</tt> <I CLASS=emphasis>entity certificate-number file</I><br>
<DD>

<P CLASS=para>
Export certificate.  Output the numbered certificate of the
specified entity into the specified file.  Use the
<tt CLASS=literal>-li</tt> command to inspect the certificate numbers for a
given entity.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-ek</tt> <I CLASS=emphasis>entity pubfile [privfile]</I><br>
<DD>

<P CLASS=para>
Export key.  Output the public key of the specified entity
into the specified file.  If the entity is a signer, and the
<tt CLASS=literal>privfile</tt> is specified, additionally export the
private key of the entity to that file.

<p>
<DT CLASS=varlistentry><tt CLASS=literal>-gs</tt> <I CLASS=emphasis>directivefile jarfile</I><br>
<DD>

<P CLASS=para>
Generate signature.  Apply a digital signature to the
specified JAR file using the directives in the specified
directive file.  The directive file is a <tt CLASS=literal>Properties</tt>
file that must provide values for the following named properties:

<P>
<UL CLASS=itemizedlist>
<li CLASS=listitem><tt CLASS=literal>signer</tt>. The entity name of the signer.

<P>
<li CLASS=listitem><tt CLASS=literal>cert</tt>.  The certificate number to use for the
signature.

<P>
<li CLASS=listitem><tt CLASS=literal>chain</tt>.  The length of a chain of certificates to
include.  This is not currently supported; specify 0.

<P>
<li CLASS=listitem><tt CLASS=literal>signature.file</tt>.  The basename of the signature file
and signature block to be inserted into the JAR file.  It
must be 8 characters or fewer.  This name should not conflict
with any other digital signatures that may be inserted into
the JAR file.

<P>
<li CLASS=listitem><tt CLASS=literal>out.file</tt>.  This optional property specifies the name
that should be used for the signed JAR file that is
generated.

<P>
</UL>
</DL>
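
<P CLASS=para>
The following shell functions are an added example, not code from the book or the JDK: they check a <tt CLASS=literal>-gc</tt> or <tt CLASS=literal>-gs</tt> directive file against the property requirements listed above before <I CLASS=emphasis>javakey</I> is run on it.
The plain key=value parsing, the self-signed test (issuer.name equal to subject.name), the entity name duke, the file names and all sample values are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: directive files use plain "key=value" lines only.

GC_REQUIRED="issuer.name subject.name subject.real.name subject.country \
subject.org subject.org.unit start.date end.date serial.number"
GS_REQUIRED="signer cert chain signature.file"

# prop FILE KEY: print the value of KEY (last one wins), or nothing if absent.
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ || index($0, "=") == 0 { next }
        { key = substr($0, 1, index($0, "=") - 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { val = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t]+$/, "", val) }
        END { print val }' "$1"
}

fail() { echo "$file: $1" >&2; errs=$((errs + 1)); }

# lint_directives gc|gs FILE: report problems on stderr, return their count.
lint_directives() {
    file=$2 errs=0
    if [ "$1" = gc ]; then required=$GC_REQUIRED; else required=$GS_REQUIRED; fi
    for key in $required; do
        [ -n "$(prop "$file" "$key")" ] || fail "missing required property $key"
    done
    if [ "$1" = gc ]; then
        # issuer.cert may be omitted only for a self-signed certificate, taken
        # here to mean issuer.name equals subject.name (an assumption).
        [ -n "$(prop "$file" issuer.cert)" ] ||
            [ "$(prop "$file" issuer.name)" = "$(prop "$file" subject.name)" ] ||
            fail "issuer.cert is required unless self-signed"
    else
        chain=$(prop "$file" chain); sig=$(prop "$file" signature.file)
        [ -z "$chain" ] || [ "$chain" = 0 ] || fail "chain unsupported, specify 0"
        [ "${#sig}" -le 8 ] || fail "signature.file is longer than 8 characters"
    fi
    return "$errs"
}

# Constructed samples for a hypothetical signer "duke"; date format is assumed.
sample_gs() { printf '%s\n' signer=duke cert=1 chain=0 signature.file=DUKESIGN; }
sample_gc() {
    printf '%s\n' issuer.name=duke subject.name=duke subject.real.name=Duke \
        subject.country=US subject.org=Example subject.org.unit=Dev \
        'start.date=1 Dec 1996' 'end.date=1 Dec 1997' serial.number=1001
}
# Usage: sample_gs > sign.dir && lint_directives gs sign.dir && javakey -gs sign.dir app.jar
```

<P CLASS=para>
The lint cannot confirm that <tt CLASS=literal>serial.number</tt> is unique among the issuer's certificates; that still has to be tracked by whoever issues them.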
</DIV>

<DIV CLASS=refsect1>
<h2 CLASS=refsect1><A CLASS="TITLE" NAME="JNUT2-CH-16-SECT-7.5">See Also</A></h2>

<P CLASS=para>
<I CLASS=emphasis>jar</I>

</DIV>



</BODY>
</HTML>
